Merge remote-tracking branch 'origin/main'

# Conflicts:
#	src/schema.rs

6 files changed, 238 insertions, 115 deletions

diff --git a/src/bin/main.rs b/src/bin/main.rs
index 8b61e5c..882fdc6 100644
--- a/src/bin/main.rs
+++ b/src/bin/main.rs
@@ -10,11 +10,10 @@ use gradecoin::schema::create_database;
 #[tokio::main]
 async fn main() {
     // Show debug logs by default by setting `RUST_LOG=gradecoin=debug`
-    // TODO: write logs to file? <13-04-21, yigit> //
     if env::var_os("RUST_LOG").is_none() {
         env::set_var("RUST_LOG", "gradecoin=debug");
     }
-    pretty_env_logger::init();
+    log4rs::init_file("log.conf.yml", Default::default()).unwrap();
 
     let db = create_database();
 
diff --git a/src/error.rs b/src/error.rs
deleted file mode 100644
index 7339a06..0000000
--- a/src/error.rs
+++ /dev/null
@@ -1,38 +0,0 @@
-use log::warn;
-use serde::Serialize;
-use std::convert::Infallible;
-use warp::{http::StatusCode, Rejection, Reply};
-
-#[derive(Serialize)]
-struct ErrorResponse {
-    message: String,
-}
-
-pub async fn handle_rejection(err: Rejection) -> std::result::Result<impl Reply, Infallible> {
-    let code;
-    let message;
-
-    if err.is_not_found() {
-        code = StatusCode::NOT_FOUND;
-        message = "Requested resource is not found";
-    } else if let Some(_) = err.find::<warp::filters::body::BodyDeserializeError>() {
-        code = StatusCode::BAD_REQUEST;
-        message = "Error: JSON body is not formatted correctly, check your payload";
-    } else if let Some(_) = err.find::<warp::reject::MissingHeader>() {
-        code = StatusCode::METHOD_NOT_ALLOWED;
-        message = "Error: Authorization header missing, cannot authorize";
-    } else if let Some(_) = err.find::<warp::reject::MethodNotAllowed>() {
-        code = StatusCode::METHOD_NOT_ALLOWED;
-        message = "Error: method not allowed on this endpoint";
-    } else {
-        warn!("unhandled error: {:?}", err);
-        code = StatusCode::INTERNAL_SERVER_ERROR;
-        message = "Internal Server Error";
-    }
-
-    let json = warp::reply::json(&ErrorResponse {
-        message: message.to_owned(),
-    });
-
-    Ok(warp::reply::with_status(json, code))
-}
diff --git a/src/handlers.rs b/src/handlers.rs
index a8c9947..fe60ded 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -1,6 +1,6 @@
-/// API handlers, the ends of each filter chain
 use aes::Aes128;
-use base64;
+/// API handlers, the ends of each filter chain
+use askama::Template;
 use blake2::{Blake2s, Digest};
 use block_modes::block_padding::Pkcs7;
 use block_modes::{BlockMode, Cbc};
@@ -8,10 +8,8 @@ use jsonwebtoken::errors::ErrorKind;
 use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation};
 use log::{debug, warn};
 use md5::Md5;
-use parking_lot::RwLockUpgradableReadGuard;
 use rsa::{PaddingScheme, RSAPrivateKey};
 use serde::Serialize;
-use serde_json;
 use sha2::Sha256;
 use std::collections::HashMap;
 use std::convert::Infallible;
@@ -39,6 +37,7 @@ enum ResponseType {
 
 use crate::schema::{
     AuthRequest, Block, Claims, Db, InitialAuthRequest, MetuId, NakedBlock, Transaction, User,
+    UserAtRest,
 };
 
 const BEARER: &str = "Bearer ";
@@ -61,9 +60,9 @@ const BEARER: &str = "Bearer ";
 ///     public_key: "---BEGIN PUBLIC KEY..."
 /// }
 ///
-/// - Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd?
+/// - Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext`
 /// - The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme
-/// using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext`
+/// using sha256 with `gradecoin_public_key`, giving us `key_ciphertext`
 /// - The payload JSON object (`auth_request`) can be JSON serialized now:
 /// {
 ///     c: "auth_ciphertext"
@@ -92,7 +91,7 @@ pub async fn authenticate_user(
     // Load our RSA Private Key as DER
     let der_encoded = PRIVATE_KEY
         .lines()
-        .filter(|line| !line.starts_with("-"))
+        .filter(|line| !line.starts_with('-'))
         .fold(String::new(), |mut data, line| {
             data.push_str(&line);
             data
@@ -104,18 +103,126 @@ pub async fn authenticate_user(
     let gradecoin_private_key = RSAPrivateKey::from_pkcs1(&der_bytes).expect("failed to parse key");
 
     let padding = PaddingScheme::new_oaep::<sha2::Sha256>();
-    let temp_key = gradecoin_private_key
-        .decrypt(padding, &request.key.as_bytes())
-        .expect("failed to decrypt");
 
-    // decrypt c using key dec_key
-    let cipher = Aes128Cbc::new_var(&temp_key, &request.iv).unwrap();
-    let auth_plaintext = cipher
-        .decrypt_vec(&base64::decode(request.c).unwrap())
-        .unwrap();
+    let key_ciphertext = match base64::decode(&request.key) {
+        Ok(c) => c,
+        Err(err) => {
+            debug!(
+                "The ciphertext of the key was not base64 encoded {}, {}",
+                &request.key, err
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "The ciphertext of the key was not base64 encoded {}, {}".to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
+
+    let temp_key = match gradecoin_private_key.decrypt(padding, &key_ciphertext) {
+        Ok(k) => k,
+        Err(err) => {
+            debug!(
+                "Failed to decrypt ciphertext {:?}, {}",
+                &key_ciphertext, err
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "Failed to decrypt the ciphertext of the temporary key".to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
+
+    let cipher = match Aes128Cbc::new_var(&temp_key, &request.iv.as_bytes()) {
+        Ok(c) => c,
+        Err(err) => {
+            debug!(
+                "Could not create a cipher from temp_key and request.iv {:?}, {}, {}",
+                &temp_key, &request.iv, err
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "Given IV has invalid length".to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
 
-    let request: AuthRequest =
-        serde_json::from_str(&String::from_utf8(auth_plaintext).unwrap()).unwrap();
+    let auth_packet = match base64::decode(&request.c) {
+        Ok(a) => a,
+
+        Err(err) => {
+            debug!(
+                "The auth_packet (c field) did not base64 decode {} {}",
+                &request.c, err
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "The c field was not correctly base64 encoded".to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
+
+    let auth_plaintext = match cipher.decrypt_vec(&auth_packet) {
+        Ok(p) => p,
+        Err(err) => {
+            debug!(
+                "Base64 decoded auth request did not decrypt correctly {:?} {}",
+                &auth_packet, err
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "The Bas64 decoded auth request did not decrypt correctly".to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
+
+    let utf8_auth_plaintext = match String::from_utf8(auth_plaintext.clone()) {
+        Ok(text) => text,
+        Err(err) => {
+            debug!(
+                "Auth plaintext did not convert into utf8 {:?} {}",
+                &auth_plaintext, err
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "Auth plaintext couldn't get converted to UTF-8".to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
+
+    let request: AuthRequest = match serde_json::from_str(&utf8_auth_plaintext) {
+        Ok(req) => req,
+        Err(err) => {
+            debug!(
+                "Auth plaintext did not serialize correctly {:?} {}",
+                &utf8_auth_plaintext, err
+            );
+
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message: "The auth request JSON did not serialize correctly".to_owned(),
+            });
+
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
+    };
 
     let provided_id = request.student_id.clone();
 
@@ -131,33 +238,24 @@ pub async fn authenticate_user(
         }
     };
 
-    let userlist = db.users.upgradable_read();
-
-    if userlist.contains_key(&provided_id) {
-        let res_json = warp::reply::json(&GradeCoinResponse {
-            res: ResponseType::Error,
-            message:
-                "This user is already authenticated, do you think this is a mistake? Contact me"
-                    .to_owned(),
-        });
-
-        return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
-    }
+    {
+        let userlist = db.users.read();
 
-    // We're using this as the validator
-    // I hate myself
-    if let Err(_) = DecodingKey::from_rsa_pem(request.public_key.as_bytes()) {
-        let res_json = warp::reply::json(&GradeCoinResponse {
-            res: ResponseType::Error,
-            message: "The supplied RSA public key is not in valid PEM format".to_owned(),
-        });
+        if userlist.contains_key(&provided_id) {
+            let res_json = warp::reply::json(&GradeCoinResponse {
+                res: ResponseType::Error,
+                message:
+                    "This user is already authenticated, do you think this is a mistake? Contact me"
+                        .to_owned(),
+            });
 
-        return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+            return Ok(warp::reply::with_status(res_json, StatusCode::BAD_REQUEST));
+        }
     }
 
     // We're using this as the validator
     // I hate myself
-    if let Err(_) = DecodingKey::from_rsa_pem(request.public_key.as_bytes()) {
+    if DecodingKey::from_rsa_pem(request.public_key.as_bytes()).is_err() {
         let res_json = warp::reply::json(&GradeCoinResponse {
             res: ResponseType::Error,
             message: "The supplied RSA public key is not in valid PEM format".to_owned(),
@@ -174,11 +272,19 @@ pub async fn authenticate_user(
         balance: 0,
     };
 
-    let user_json = serde_json::to_string(&new_user).unwrap();
+    let user_at_rest_json = serde_json::to_string(&UserAtRest {
+        user: User {
+            user_id: new_user.user_id.clone(),
+            public_key: new_user.public_key.clone(),
+            balance: 0,
+        },
+        fingerprint: fingerprint.clone(),
+    })
+    .unwrap();
 
-    fs::write(format!("users/{}.guy", new_user.user_id), user_json).unwrap();
+    fs::write(format!("users/{}.guy", new_user.user_id), user_at_rest_json).unwrap();
 
-    let mut userlist = RwLockUpgradableReadGuard::upgrade(userlist);
+    let mut userlist = db.users.write();
 
     userlist.insert(fingerprint.clone(), new_user);
 
@@ -193,17 +299,6 @@ pub async fn authenticate_user(
     Ok(warp::reply::with_status(res_json, StatusCode::CREATED))
 }
 
-// fn shed_pem_header_footer(maybe_key: String) -> Result<Vec<u8>, String> {
-//     let der_encoded = maybe_key
-//         .lines()
-//         .filter(|line| !line.starts_with("-"))
-//         .fold(String::new(), |mut data, line| {
-//             data.push_str(&line);
-//             data
-//         });
-//     Ok(base64::decode(&der_encoded).expect("failed to decode base64 content"))
-// }
-
 /// GET /transaction
 /// Returns JSON array of transactions
 /// Cannot fail
@@ -241,7 +336,7 @@ pub async fn authorized_propose_block(
 
     println!("{:?}", &new_block);
 
-    if new_block.transaction_list.len() < 1 {
+    if new_block.transaction_list.is_empty() {
         let res_json = warp::reply::json(&GradeCoinResponse {
             res: ResponseType::Error,
             message: format!(
@@ -322,8 +417,8 @@ pub async fn authorized_propose_block(
 
     let naked_block = NakedBlock {
         transaction_list: new_block.transaction_list.clone(),
-        nonce: new_block.nonce.clone(),
-        timestamp: new_block.timestamp.clone(),
+        nonce: new_block.nonce,
+        timestamp: new_block.timestamp,
     };
 
     let naked_block_flat = serde_json::to_vec(&naked_block).unwrap();
@@ -556,7 +651,7 @@ pub async fn list_blocks(db: Db) -> Result<impl warp::Reply, Infallible> {
 /// *[`jwt_token`]: The raw JWT token, "Bearer aaa.bbb.ccc"
 /// *[`user_pem`]: User Public Key, "BEGIN RSA"
 /// NOT async, might look into it if this becomes a bottleneck
-fn authorize_proposer(jwt_token: String, user_pem: &String) -> Result<TokenData<Claims>, String> {
+fn authorize_proposer(jwt_token: String, user_pem: &str) -> Result<TokenData<Claims>, String> {
     // Throw away the "Bearer " part
     let raw_jwt = jwt_token.trim_start_matches(BEARER).to_owned();
     debug!("raw_jwt: {:?}", raw_jwt);
@@ -599,3 +694,19 @@ fn authorize_proposer(jwt_token: String, user_pem: &String) -> Result<TokenData<
 
     Ok(token_payload)
 }
+
+#[derive(Template)]
+#[template(path = "welcome.html")]
+struct WelcomeTemplate<'a> {
+    title: &'a str,
+    body: &'a str,
+}
+
+pub async fn welcome_handler() -> Result<impl warp::Reply, warp::Rejection> {
+    let template = WelcomeTemplate {
+        title: "Welcome",
+        body: "To The Bookstore!",
+    };
+    let res = template.render().unwrap();
+    Ok(warp::reply::html(res))
+}
diff --git a/src/lib.rs b/src/lib.rs
index 7a24f9f..5442c6b 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -22,12 +22,11 @@
 //! `Authorization`: The request header should have Bearer JWT.Token signed with Student Public Key
 
 pub mod custom_filters;
-pub mod error;
 pub mod handlers;
 pub mod routes;
 pub mod schema;
 
-pub const PRIVATE_KEY: &'static str = "-----BEGIN RSA PRIVATE KEY-----
+pub const PRIVATE_KEY: &str = "-----BEGIN RSA PRIVATE KEY-----
 MIIEogIBAAKCAQEAyGuqiCPGcguy+Y9TH7Bl7XlEsalyqb9bYlzpbV0dnqZ3lPkE
 PkuOhkN+GcuiV6iXtSwyh7nB+xTRXKJFRUBO/jbN8jfcxVwBu0JxjF3v1YRBxbOH
 hz2A295mbKD9xHQCKxkfYBNkUXxj8gd+GaDvQiSW5NdrX/lEkvqfGtdEX1m2+Hdc
@@ -55,7 +54,7 @@ PDYHM9dfQ8xn51U0fTeaXjy/8Km8fyX2Jtxntlm6puyhSTJ8AX+FEgJkC4ajNEvA
 mJ1Gsy2fXKUyyZdI2b74MLqOpzr9cvS60tmTIScuiHFzg/SJgiA=
 -----END RSA PRIVATE KEY-----";
 
-pub const PUB_KEY: &'static str = "-----BEGIN PUBLIC KEY-----
+pub const PUB_KEY: &str = "-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGuqiCPGcguy+Y9TH7Bl
 7XlEsalyqb9bYlzpbV0dnqZ3lPkEPkuOhkN+GcuiV6iXtSwyh7nB+xTRXKJFRUBO
 /jbN8jfcxVwBu0JxjF3v1YRBxbOHhz2A295mbKD9xHQCKxkfYBNkUXxj8gd+GaDv
diff --git a/src/routes.rs b/src/routes.rs
index 280de35..52d357a 100644
--- a/src/routes.rs
+++ b/src/routes.rs
@@ -7,11 +7,19 @@ use crate::schema::Db;
 
 /// Every route combined
 pub fn consensus_routes(db: Db) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
+    // Remember when we wanted to implement templating
+    // Why would we? Just put a staic webpage under /public (next to Cargo.toml) and place it and
+    // the end of the filter chain
+
+    // Fully fledged website support, phew!
+    let static_route = warp::any().and(warp::fs::dir("public"));
+
     transaction_list(db.clone())
         .or(register_user(db.clone()))
         .or(auth_transaction_propose(db.clone()))
         .or(auth_block_propose(db.clone()))
-        .or(block_list(db.clone()))
+        .or(block_list(db))
+        .or(static_route)
 }
 
 /// POST /register warp route
@@ -60,4 +68,3 @@ pub fn auth_block_propose(db: Db) -> impl Filter<Extract = impl Reply, Error = R
         .and(custom_filters::with_db(db))
         .and_then(handlers::authorized_propose_block)
 }
-
diff --git a/src/schema.rs b/src/schema.rs
index 264d2bd..cb353e4 100644
--- a/src/schema.rs
+++ b/src/schema.rs
@@ -9,6 +9,7 @@
 //! Users are held in memory and they're also backed up to text files
 use chrono::{NaiveDate, NaiveDateTime};
 use lazy_static::lazy_static;
+use log::debug;
 use parking_lot::RwLock;
 use serde::{Deserialize, Serialize};
 use std::collections::{HashMap, HashSet};
@@ -23,8 +24,6 @@ use std::vec::Vec;
 
 pub type Fingerprint = String;
 
-// TODO: start by reading users from file too <14-04-21, yigit> //
-
 fn block_parser(path: String) -> u64 {
     let end_pos = path.find(".block").unwrap();
     let block_str = path[9..end_pos].to_string();
@@ -63,16 +62,49 @@ fn read_block_name() -> io::Result<Vec<PathBuf>> {
     Ok(entries)
 }
 
-fn create_db_with_last_block(path: String) -> Db {
+fn read_users() -> io::Result<Vec<PathBuf>> {
+    let entries = fs::read_dir("./users")?
+        .map(|res| res.map(|e| e.path()))
+        .collect::<Result<Vec<_>, io::Error>>()?;
+
+    Ok(entries)
+}
+
+fn populate_db_with_last_block(db: &mut Db, path: String) -> &mut Db {
+    debug!("Populating db with last block {}", path);
     let file = fs::read(path).unwrap();
     let json = std::str::from_utf8(&file).unwrap();
     let block: Block = serde_json::from_str(json).unwrap();
-    let db = Db::new();
     *db.blockchain.write() = block;
-    return db;
+
+    db
+}
+
+#[derive(Debug, Serialize, Deserialize, PartialEq)]
+pub struct UserAtRest {
+    pub fingerprint: Fingerprint,
+    pub user: User,
 }
 
-/// Creates a new database, uses the previous last block if one exists
+fn populate_db_with_users(db: &mut Db, files: Vec<PathBuf>) -> &mut Db {
+    for fs in files {
+        if let Ok(file_content) = fs::read(fs) {
+            let json =
+                String::from_utf8(file_content).expect("we have written a malformed user file");
+            let user_at_rest: UserAtRest = serde_json::from_str(&json).unwrap();
+
+            debug!("Populating db with user: {:?}", user_at_rest);
+            db.users
+                .write()
+                .insert(user_at_rest.fingerprint, user_at_rest.user);
+        }
+    }
+
+    db
+}
+
+/// Creates a new database, uses the previous last block if one exists and attempts the populate
+/// the users
 pub fn create_database() -> Db {
     fs::create_dir_all("blocks").unwrap();
     fs::create_dir_all("users").unwrap();
@@ -82,6 +114,12 @@ pub fn create_database() -> Db {
     } else {
         return Db::new();
     }
+
+    if let Ok(users_path) = read_users() {
+        populate_db_with_users(&mut db, users_path);
+    }
+
+    db
 }
 
 /// A JWT Payload/Claims representation
@@ -181,13 +219,23 @@ impl Block {
         Block {
             transaction_list: vec!["gradecoin_bank".to_owned()],
             nonce: 0,
-            timestamp: NaiveDate::from_ymd(2021, 04, 11).and_hms(20, 45, 00),
+            timestamp: NaiveDate::from_ymd(2021, 4, 11).and_hms(20, 45, 00),
             hash: String::from("not_actually_mined"),
         }
     }
 }
 
-/// Simply a Student
+impl Default for Block {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+/// A Student
+///
+/// * [`user_id`]: Can only be one of the repopulated
+/// * [`public_key`]: A PEM format public key "---- BEGIN" and all
+/// * [`balance`]: User's current Gradecoin amount
 #[derive(Serialize, Deserialize, Debug, PartialEq)]
 pub struct User {
     pub user_id: MetuId,
@@ -196,7 +244,7 @@ pub struct User {
 }
 
 /// The values are hard coded in [`OUR_STUDENTS`] so MetuId::new() can accept/reject values based on that
-#[derive(Serialize, Deserialize, Debug, PartialEq)]
+#[derive(Serialize, Deserialize, Debug, PartialEq, Clone)]
 pub struct MetuId {
     id: String,
     passwd: String,
@@ -214,7 +262,7 @@ pub struct AuthRequest {
 #[derive(Serialize, Deserialize, Debug)]
 pub struct InitialAuthRequest {
     pub c: String,
-    pub iv: [u8; 32],
+    pub iv: String,
     pub key: String,
 }
 
@@ -265,10 +313,7 @@ impl fmt::Display for MetuId {
 impl MetuId {
     pub fn new(id: String, pwd: String) -> Option<Self> {
         if OUR_STUDENTS.contains(&(&*id, &*pwd)) {
-            Some(MetuId {
-                id: id,
-                passwd: pwd,
-            })
+            Some(MetuId { id, passwd: pwd })
         } else {
             None
         }